Potential PowerShell Obfuscation via Invalid Escape Sequences

Elastic Detection Rules

Summary
This detection rule identifies potentially malicious PowerShell scripts that use invalid escape sequences for obfuscation. The technique inserts backticks (`) between the characters of a token; because the backtick is PowerShell's escape character, a backtick before a character that has no defined escape meaning is simply dropped, so the script still runs unchanged while signature and pattern matching on the original text is broken. Attackers use this to evade the Antimalware Scan Interface (AMSI) and conventional static analysis. The rule depends on PowerShell Script Block Logging, which must be enabled so that the executed script text is recorded. The query searches the PowerShell operational log for script block text containing this unusual use of backticks, and an alert fires when the pattern appears multiple times within a single script block, which warrants further investigation.
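The following is an added example of the detection logic described above, run over constructed Script Block Logging records; it is not Elastic's query. The regex, the set of defined escape letters, the event field names and the alert threshold of 3 are assumptions made here.

```python
import re

# Escape letters PowerShell defines (`0 `a `b `e `f `n `r `t `u `v); a backtick before
# any other word character is an invalid escape that only hides the token from matching.
VALID_ESCAPE_LETTERS = set("0abefnrtuv")

# A backtick wedged between two word characters, e.g. Wr`ite. This is an approximation
# of the rule's pattern, not Elastic's actual query.
BACKTICK_IN_WORD = re.compile(r"[A-Za-z0-9_]`([A-Za-z0-9_])")

# Minimum hits in one script block before alerting (threshold chosen for this example).
ALERT_THRESHOLD = 3


def count_invalid_escapes(script_block_text: str) -> int:
    """Count backticks between word characters that do not form a defined escape."""
    return sum(
        1
        for match in BACKTICK_IN_WORD.finditer(script_block_text)
        if match.group(1).lower() not in VALID_ESCAPE_LETTERS
    )


def find_obfuscated_blocks(events, threshold=ALERT_THRESHOLD):
    """Return (script_block_id, hit_count) for each 4104 event at or above the threshold."""
    alerts = []
    for event in events:
        if event.get("event_id") != 4104:  # only Script Block Logging events
            continue
        hits = count_invalid_escapes(event["script_block_text"])
        if hits >= threshold:
            alerts.append((event["script_block_id"], hits))
    return alerts


# Constructed sample records shaped like Script Block Logging events (Event ID 4104).
SAMPLE_EVENTS = [
    # Ordinary script: `n inside a string is a legitimate newline escape.
    {"event_id": 4104, "script_block_id": "block-1",
     "script_block_text": 'Write-Host "Line1`nLine2"; Get-Location'},
    # The same commands with backticks inserted mid-token to break pattern matching.
    {"event_id": 4104, "script_block_id": "block-2",
     "script_block_text": 'Wr`ite-Ho`st (Get-Lo`cation)'},
    # A different event type is ignored even though it contains the pattern.
    {"event_id": 4103, "script_block_id": "block-3",
     "script_block_text": 'Wr`ite-Ho`st "x"'},
]

if __name__ == "__main__":
    for block_id, hits in find_obfuscated_blocks(SAMPLE_EVENTS):
        print(f"{block_id}: {hits} invalid escape sequences")
```

Note that a benign `n or `t inside a string is not counted, which keeps ordinary scripts below the threshold.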
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Application Log
  • Network Traffic
ATT&CK Techniques
  • T1027
  • T1140
  • T1059
  • T1059.001
Created: 2025-04-15